We are Guardians of Patient Privacy
Data Protection Laws – what is applicable to Mediclinic? (December 2024)
- Privacy and data protection are regulated by law. Originating in Europe, such laws have spread to numerous countries around the globe, recently also to the United Arab Emirates and other countries in the Gulf region. The landscape of data protection laws is complex. Aside from a general overarching data protection act, there are numerous specific regulations and provisions in place.
- The following is a list of the most significant privacy and data protection laws and regulations applicable to MCME or influencing the Mediclinic data protection framework.
UAE Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL)
- Issued on 26 September 2021 and entered into force on 2 January 2022.
- Provides definitions for “personal data”, “data processing”, “data controller”, “data processor” and more.
- Sets principles for data processing activities and provides privacy rights for individuals.
- Sets compliance requirements for data controllers and processors.
- Applicable to all MCME facilities.
UAE Federal Decree Law No. 44 of 2021 on the establishment of the UAE Data Office
- The UAE Data Office will act as the UAE Data Protection Authority, operationalising the Law’s requirements.
- Executive Regulations to both Law No. 44 and Law No. 45 are still missing, and the UAE Data Office has not yet been constituted.
UAE Federal Law No. 2 of 2019 Concerning the Use of the Information and Communication Technology in the Areas of Health (ICT Health Law) and its Executive Regulations
- Sets provisions for the use of ICT in the healthcare sector.
- Regulates the “centralised system” (i.e. HIE platforms like Nabidh and Malaffi) and the connection of healthcare providers to the system.
- Stipulates limitations for the transfer of health information outside the UAE and sets strict requirements for exemptions.
- Highly relevant for Mediclinic regarding the localisation and sharing of health data.
UAE Federal Law No. 15 of 2020 on Consumer Protection
- Amongst other rights, the protection of privacy and security of the consumers’ data and not using it for promotional and marketing purposes without consent is a consumer right.
- Applicable to Mediclinic for the provision of goods such as pharmaceuticals or beauty products, and of medical services, to its customers (patients, clients).
DOH ADHICS Version 2 of 2024 and DOH Standard on Patient Healthcare Data Privacy 2020
- The Abu Dhabi Healthcare Information and Cybersecurity Standard (ADHICS), issued by the Abu Dhabi Department of Health, is one of the most comprehensive cybersecurity frameworks. It defines around 600 security controls with over 1,500 requirements in various domains such as HR, asset management, access management, data privacy, medical device management and more.
- ADHICS is applicable to all licensed Mediclinic facilities in the Emirate of Abu Dhabi. In reality, it sets the benchmark for the company-wide cybersecurity policies, processes and measures in all facilities as Mediclinic Middle East operates standardised infrastructure and applications like the internal network, Bayanaty/TrakCare or Infinitt/PACS.
- ADHICS was published in 2019 and updated in 2024. The previous DOH Standard on Patient Healthcare Data Privacy is now included in ADHICS.
- All facilities in the Abu Dhabi region are being audited on ADHICS on an annual basis.
DHA Policy for Health Data Protection and Confidentiality 2022
- Applicable to all Healthcare Entities under Dubai Health Authority (DHA), i.e. all Mediclinic facilities in the Emirate of Dubai.
- Sets out DHA’s requirements for Health Data Protection and Confidentiality in line with the UAE laws and the Emirate of Dubai regulatory frameworks.
ADGM Data Protection Regulations 2021
- ADGM stands for Abu Dhabi Global Market, a free zone in Abu Dhabi.
- One of the most advanced and modern data protection regulations in the Gulf region.
- Applicable to Mediclinic Reem Mall Clinic, located on the Reem Island which is part of the ADGM free zone.
European Union General Data Protection Regulation (EU-GDPR)
- The EU-GDPR was enacted in 2016 and became fully enforceable on 25 May 2018. It is applicable to all data controllers and data processors within the European Union but also applicable outside the EU in specific situations.
- The GDPR is called the “golden standard” for data protection and has influenced multiple legislations, including the legislation in the UAE.
- To comply with privacy and data protection laws, Mediclinic decided in 2018 to implement the GDPR framework in all its Divisions (Switzerland, Middle East and Southern Africa). Implementing the GDPR was beneficial for MCME, as many requirements of the UAE Laws and Regulations eventually turned out to be identical or similar to the GDPR.
DIFC Data Protection Law No. 5 of 2020 as amended, and its Regulations 2022
- DIFC stands for Dubai International Financial Centre, a free zone in Dubai.
- The law can be seen as one of the most advanced and modern data protection laws in the Gulf region or even worldwide.
- Not directly applicable as Mediclinic currently does not operate under the DIFC jurisdiction.
- Like the EU-GDPR, the DIFC law and regulations set a standard and benchmark and serve as a direction for MCME in case of ambiguities due to the lack of the Executive Regulations on Federal level.
United Kingdom General Data Protection Regulation (UK-GDPR) and Data Protection Act 2018
- The UK-GDPR is a “copy” of the EU-GDPR. Upon leaving the European Union (“Brexit”), the UK transitioned multiple EU legislations into UK law to avoid gaps in its own regulatory framework.
- The Data Protection Act specifies UK-GDPR provisions and enhances areas not regulated in the GDPR (e.g. details about the Data Protection Authority or rules for areas not covered by the GDPR such as law enforcement).
- Mediclinic has a registered office in England and was listed at the London Stock Exchange until early 2023. UK law has significantly steered and influenced Mediclinic’s Governance framework and still does.
South Africa Protection of Personal Information Act 4 of 2013 (POPIA)
- The POPI Act in South Africa aims to promote the protection of personal information processed by public and private bodies and to introduce certain conditions so as to establish minimum requirements for the processing of personal information.
- It came fully into force only by July 2020.
- Applicable to Mediclinic South Africa and Mediclinic Group Services.
Switzerland Federal Data Protection Act 2020 (FDPA) and Data Protection Laws of the Cantons
- The FDPA was enacted in 1992 and revised in 2020 to align with the EU-GDPR. Its provisions are largely identical or similar to the EU-GDPR, but in some specific areas less strict and less formal.
- Applicable to Hirslanden (the Swiss Division of Mediclinic).
- In addition to the FDPA, the Cantons (i.e. States, similar to the UAE Emirates) have their own data protection laws, which apply to the Hirslanden hospitals located in the respective Cantons. These laws are similar to the FDPA; however, different Authorities are competent, and different interpretations of the law might impact the company.
Remember, our dedication to patient well-being extends beyond medical care; it includes safeguarding their privacy. Let us all contribute to fostering an environment where patients can trust that their information is handled with the utmost care and respect.
Thank you for your commitment to upholding the values that make Mediclinic a trusted healthcare provider.
Infobox:
UAE Federal Law: Data protection laws | The Official Portal of the UAE Government
ADHICS (DOH Aamen Portal): DOH Abu Dhabi Healthcare Information and Cybersecurity Standard
DHA Policy: DHA Policy for Data and Health Information Protection and Confidentiality